Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:CLSID:ACTIVEX:SHELLAPP

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 AOL Instant Messenger Shell.Application ActiveX Vulnerability

Release Date

 2007/11/29

Update Number

 1213

Supported Platforms

 idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: AOL Instant Messenger Shell.Application ActiveX Vulnerability


This signature detects attempts to exploit a known vulnerability against AOL Instant Messenger. An attacker can create malicious Web pages, which if accessed by a victim, can lead to the attacker gaining control of the victim's client browser.

Extended Description

AOL Instant Messenger is prone to a remote script-code-execution vulnerability. An attacker may leverage this issue to execute arbitrary script code in the notification window of an unsuspecting user. This may help the attacker launch other attacks.

Affected Products

  • AOL Instant Messenger 6.1.32.1
  • AOL Instant Messenger 6.1.41.2
  • AOL Instant Messenger Lite
  • AOL Instant Messenger Pro

References

  • BugTraq: 25659
  • CVE: CVE-2007-4901
  • URL: http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1924

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out